Microsoft, Apple Issue Security Updates

Microsoft today issued software updates to fix at least 10 security vulnerabilities in various versions of Windows. Among the most dangerous of those is a flaw in the Bluetooth wireless communications feature included with many Windows systems that could open vulnerable systems to complete compromise just by being turned on and in range of an attacker.

Bluetooth is a technology that facilitates wireless communication between devices, and many newer Windows laptops ship with Bluetooth functionality built in and turned on. This is a serious vulnerability, but since Bluetooth is a proximity based wireless technology (most devices need to be within 30 ft. of each other to exchange data), an attacker would in most cases need to be fairly close to the target.

Symantec's Ben Greenbaum said the Windows Bluetooth vulnerability is especially noteworthy because it allows an attacker in range of a Bluetooth-enabled device running Windows XP or Vista to take control of that device. "User interaction is not required," Greenbaum said. "All that is required is for the device to have Bluetooth on and to be within range of the attacker."

Microsoft also issued a patch to change the behavior of its speech recognition software, which it said could be used by an attacker to launch programs on a victim's machine simply by tricking the user into opening an audio file that issues specific commands. This particular patch basically sets it so that Internet Explorer can't be used for such an attack. But it's not entirely clear why Microsoft is just now getting around to changing this, as Security Fix and a number of other media outlets wrote about this potential vulnerability roughly 15 months ago.

Also included in this week's patch batch are critical updates for Internet Explorer and DirectX, a key multimedia component on Windows.

In other patch news, Apple on Monday released a new version of its QuickTime media player that corrects at least five security vulnerabilities in the software. New versions are available for both Windows and Mac OS X users.

The new QuickTime, version 7.5, is available for Mac users from Apple Downloads or through Software Update; Windows users can grab the latest version from the bundled Apple Software Update program (be aware that it will try to offer you the Safari Web browser for Windows, which in its current configuration exposes Windows users to a sneaky avenue of attack that Microsoft has said it plans to address in a future patch).